Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat – Malwarebytes Labs

The team takes advantage of a file with an embedded macro that works by using a VBA self decoding technique to decode itself in the memory areas of Microsoft Workplace without the need of crafting to the disk.